From 00257988ef1707a028cd7dd0b1f8f68e6e8fac53 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot
Date: Sat, 16 Dec 2017 18:07:53 -0800
Subject: Session management refactoring
---
 storage/migration.go | 2 +-
 storage/session.go | 77 +++++++++++++++++++++++++++++++++++++++++++++++++
 storage/token.go | 48 ------------------------------
 storage/user_session.go | 6 ----
 4 files changed, 78 insertions(+), 55 deletions(-)
 create mode 100644 storage/session.go
 delete mode 100644 storage/token.go
(limited to 'storage')
diff --git a/storage/migration.go b/storage/migration.go
index 368c567..d29c76d 100644
--- a/storage/migration.go
+++ b/storage/migration.go
@@ -12,7 +12,7 @@ import (
 "github.com/miniflux/miniflux/sql"
 )
-const schemaVersion = 9
+const schemaVersion = 10
 // Migrate run database migrations.
 func (s *Storage) Migrate() {
diff --git a/storage/session.go b/storage/session.go
new file mode 100644
index 0000000..17a63e2
--- /dev/null
+++ b/storage/session.go
@@ -0,0 +1,77 @@
+// Copyright 2017 Frédéric Guillot. All rights reserved.
+// Use of this source code is governed by the Apache 2.0
+// license that can be found in the LICENSE file.
+
+package storage
+
+import (
+ "database/sql"
+ "fmt"
+
+ "github.com/miniflux/miniflux/helper"
+ "github.com/miniflux/miniflux/model"
+)
+
+// CreateSession creates a new session.
+func (s *Storage) CreateSession() (*model.Session, error) {
+ session := model.Session{
+ ID: helper.GenerateRandomString(32),
+ Data: &model.SessionData{CSRF: helper.GenerateRandomString(64)},
+ }
+
+ query := "INSERT INTO sessions (id, data) VALUES ($1, $2)"
+ _, err := s.db.Exec(query, session.ID, session.Data)
+ if err != nil {
+ return nil, fmt.Errorf("unable to create session: %v", err)
+ }
+
+ return &session, nil
+}
+
+// UpdateSessionField updates only one session field.
+func (s *Storage) UpdateSessionField(sessionID, field string, value interface{}) error {
+ query := `UPDATE sessions
+ SET data = jsonb_set(data, '{%s}', to_jsonb($1::text), true)
+ WHERE id=$2`
+
+ _, err := s.db.Exec(fmt.Sprintf(query, field), value, sessionID)
+ if err != nil {
+ return fmt.Errorf("unable to update session field: %v", err)
+ }
+
+ return nil
+}
+
+// Session returns the given session.
+func (s *Storage) Session(id string) (*model.Session, error) {
+ var session model.Session
+
+ query := "SELECT id, data FROM sessions WHERE id=$1"
+ err := s.db.QueryRow(query, id).Scan(
+ &session.ID,
+ &session.Data,
+ )
+
+ if err == sql.ErrNoRows {
+ return nil, fmt.Errorf("session not found: %s", id)
+ } else if err != nil {
+ return nil, fmt.Errorf("unable to fetch session: %v", err)
+ }
+
+ return &session, nil
+}
+
+// FlushAllSessions removes all sessions from the database.
+func (s *Storage) FlushAllSessions() (err error) {
+ _, err = s.db.Exec(`DELETE FROM user_sessions`)
+ if err != nil {
+ return err
+ }
+
+ _, err = s.db.Exec(`DELETE FROM sessions`)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
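Review bot: `UpdateSessionField` splices `field` into the SQL text with `fmt.Sprintf(query, field)`, so the JSON path inside `'{%s}'` is not a bound parameter; a field name containing a quote or brace would change the statement, and nothing in this hunk restricts `field` to known keys. Whether any caller passes a non-constant name is not visible here, but the storage layer should not depend on that. Bind the path as well: `SET data = jsonb_set(data, ARRAY[$1::text], to_jsonb($2::text), true)`, `WHERE id=$3`, and `s.db.Exec(query, field, value, sessionID)`. Separately, `Session` writes the looked-up ID into the "session not found" error string, which can carry a client-supplied session identifier into logs; consider leaving it out of the message.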
diff --git a/storage/token.go b/storage/token.go
deleted file mode 100644
index c5a614a..0000000
--- a/storage/token.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright 2017 Frédéric Guillot. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package storage
-
-import (
- "database/sql"
- "fmt"
-
- "github.com/miniflux/miniflux/helper"
- "github.com/miniflux/miniflux/model"
-)
-
-// CreateToken creates a new token.
-func (s *Storage) CreateToken() (*model.Token, error) {
- token := model.Token{
- ID: helper.GenerateRandomString(32),
- Value: helper.GenerateRandomString(64),
- }
-
- query := "INSERT INTO tokens (id, value) VALUES ($1, $2)"
- _, err := s.db.Exec(query, token.ID, token.Value)
- if err != nil {
- return nil, fmt.Errorf("unable to create token: %v", err)
- }
-
- return &token, nil
-}
-
-// Token returns a Token.
-func (s *Storage) Token(id string) (*model.Token, error) {
- var token model.Token
-
- query := "SELECT id, value FROM tokens WHERE id=$1"
- err := s.db.QueryRow(query, id).Scan(
- &token.ID,
- &token.Value,
- )
-
- if err == sql.ErrNoRows {
- return nil, fmt.Errorf("token not found: %s", id)
- } else if err != nil {
- return nil, fmt.Errorf("unable to fetch token: %v", err)
- }
-
- return &token, nil
-}
diff --git a/storage/user_session.go b/storage/user_session.go
index da9ceba..ffb82fc 100644
--- a/storage/user_session.go
+++ b/storage/user_session.go
@@ -127,9 +127,3 @@ func (s *Storage) RemoveUserSessionByID(userID, sessionID int64) error {
 return nil
 }
-
-// FlushAllSessions removes all user sessions from the database.
-func (s *Storage) FlushAllSessions() (err error) {
- _, err = s.db.Exec(`DELETE FROM user_sessions`)
- return
-}
-- 
cgit v1.2.3